Hi Javi, On Wed, May 27, 2015 at 12:16:38PM +0100, Javi Merino wrote: > [Dropping python-apps-team] > > Hi debian-lts, > > On Tue, May 12, 2015 at 10:15:38PM +0900, Javi Merino wrote: > > Hi Raphael, > > > > On Mon, May 11, 2015 at 08:42:23PM +0200, Raphael Hertzog wrote: > > > Hello dear maintainer(s), > > > > > > the Debian LTS team would like to fix the security issues which are > > > currently open in the Squeeze version of mercurial: > > > https://security-tracker.debian.org/tracker/CVE-2014-9462 > > > https://security-tracker.debian.org/tracker/CVE-2014-9390 (optional, is > > > tagged no-dsa) > > > > > > Would you like to take care of this yourself? We are still understaffed so > > > any help is always highly appreciated. > > > > If you are understaffed I'm happy to help preparing the update. I'll > > hopefully have time to do it tomorrow, I'll claim the DLA when I start > > working on it. > > I've prepared a package for squeeze lts that fixes CVE-2014-9462 and > CVE-2014-9390. Find attached the debdiff. > > I've run the testsuite in a squeeze chroot and it passes, but I'm not > entirely sure that a) I haven't broken anything and b) my backport of > the security fix is valid -- the code has changed a lot between > mercurial 1.6.4 and 3.2.3. I'd appreciate if somebody did some more > testing. The packages can be found in: > > https://people.debian.org/~vicho/mercurial_squeeze/
I'm happy to test this since I already had a look at the CVEs. But I won't get around to it before Friday. I'll just check if the DLA is out until then and if now will do the testing and report back. Cheers, -- Guido -- To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150527170605.gb18...@bogon.m.sigxcpu.org
